
Can't stream RTSP outside network

jwilliams
Level 1

Equipment used:

VBrick Systems Inc., Model HPS 7102 HS-HD

Cisco ASA5520 Firewall

I have been trying to take a vBrick RTSP stream and stream it outside of our network:

Inside our network, if I were to open VLC, and go to “Media”, “Open Network Stream” and paste rtsp://123.123.157.10/vbStream1S1 the stream works, audio and video.

Outside our network, nothing. I have opened ALL UDP and TCP ports to the vBrick 123.123.157.10 on our firewall and tried from outside of our network:

access-list access-in extended permit tcp any host 123.123.157.10 range 1 65535

access-list access-in extended permit udp any host 123.123.157.10 range 1 65535

After adding this to the access list, the web GUI http://123.123.157.10 (uses port 80) and FTP ftp://123.123.157.10 (uses port 21) are functional outside of our network... just not the RTSP stream, which works fine internally.

Any ideas?  Not sure what else to try.  Any help will be appreciated!

Thanks.

3 Replies

Jouni Forss
VIP Alumni

Hi,

Do you have the following configuration on the ASA?

policy-map global_policy

class inspection_default

  inspect rtsp

Sometimes either missing or having a certain "inspect" might cause problems with connections. Most commonly I have faced this with "inspect esmtp" and things related to "inspect h323".

You could try either removing or adding the above inspect depending on what the current setting is.

If it has been enabled you could try to see what the following command output shows for you:

show service-policy inspect rtsp

Have you tried viewing firewall logs through ASDM while trying these connections from outside?

But this is truly a long shot and a pure guess from me, and I have no real information from previous experience that could help.

- Jouni

Jouni,

Thanks for your reply. Yes, I have tried removing and adding inspect rtsp to the policy-map below to see if that would change anything but it did not. I even briefly removed all of the inspections below but still nothing.

policy-map global_policy

class inspection_default

  inspect dns migrated_dns_map_1

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect http

  inspect icmp

I tried to show the service-policy as you stated above but I get this:

PC-23851-ASA5520# show service-policy inspect ?

  dns                Show statistics for inspect DNS policy

  esmtp              Show statistics for inspect ESMTP policy

  ftp                Show statistics for inspect FTP policy

  gtp                Show status/statistics of 'inspect gtp' policy

  h323               Show statistics for inspect H323 function

  http               Show statistics for inspect HTTP policy

  im                 Show statistics for inspect im policy

  ipsec-pass-thru    Show statistics for inspect IPSEC-PASS-THRU policy

  radius-accounting  Show information for inspect radius-accounting policy

  sip                Show statistics for inspect SIP policy

  skinny             Show statistics for inspect skinny policy

  waas               Show statistics for inspect waas policy

PC-23851-ASA5520# show service-policy inspect rtsp

                                               ^

ERROR: % Invalid input detected at '^' marker.

PC-23851-ASA5520#

I've asked multiple people about this but no one can seem to figure it out. All I want to do is take this stream (that streams fine inside the network) and be able to view it outside of the network. The only thing I can think of that would keep that from happening is something firewall related. Other services that the vBrick serves (FTP, HTTP, etc.) work fine outside the network when those ports are opened (port 21 and 80 respectively). Is there anything else I need to look at? Anyone's help would be greatly appreciated!

I also have ASDM loaded but not sure where to look within the program to monitor the rtsp traffic (if there is any).

Thanks again!

Hi,

I'm not sure of the reason it doesn't accept your command. It might be that if you don't have "inspect rtsp" configured it won't show it at all. Or there is some software related thing.

If you want to monitor connections to the host on the LAN you use the ASDM in the following way:

  • Open ASDM
  • Go to the Monitoring Tab
  • Choose Logging from the lower left of the ASDM window
  • Use the button View to open the log window (logging level is usually debugging)
  • Insert either the source or destination IP address to the field "Filter By:" and press Enter
  • Now attempt the connections and see if you can get any indication of a problem on the firewall

One alternative way is to capture traffic on the ASA directly to see what is moving between the host on the outside and the host on the LAN.

- Jouni
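
An added example, not part of the original thread: with a capture or log view as suggested above, the RTSP SETUP reply shows which transport the player and encoder agreed on, and therefore which flows the firewall has to pass besides the RTSP control connection (TCP 554 by default). The function names and the sample exchange below are constructed for illustration; the ports are not values from the vBrick in the thread.

```python
# Constructed sample: text of one RTSP SETUP request and its reply as read
# from a capture. Ports and session id are illustrative only.
SAMPLE = (
    "SETUP rtsp://123.123.157.10/vbStream1S1 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=50000-50001\r\n"
    "\r\n"
    "RTSP/1.0 200 OK\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=50000-50001;server_port=6970-6971\r\n"
    "Session: 12345678\r\n"
    "\r\n"
)

def parse_transport(value):
    """Split a Transport header value into (protocol spec, parameter dict)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    params = {}
    for p in parts[1:]:
        key, _, val = p.partition("=")
        params[key.lower()] = val
    return parts[0].upper(), params

def port_pair(val):
    """'6970-6971' -> (6970, 6971); a single port implies RTCP on port + 1."""
    lo, _, hi = val.partition("-")
    return int(lo), int(hi) if hi else int(lo) + 1

def negotiated_flows(capture_text):
    """Return (kind, server_port, client_port) for each successful SETUP reply."""
    flows = []
    for msg in capture_text.split("\r\n\r\n"):
        lines = msg.split("\r\n")
        if not lines[0].startswith("RTSP/1.0 200"):
            continue  # only the reply carries the final, agreed transport
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() != "transport":
                continue
            spec, params = parse_transport(value)
            if spec.endswith("/TCP") or "interleaved" in params:
                # Media rides inside the existing RTSP TCP connection.
                flows.append(("tcp-interleaved", None, None))
            elif "client_port" in params and "server_port" in params:
                c_rtp, c_rtcp = port_pair(params["client_port"])
                s_rtp, s_rtcp = port_pair(params["server_port"])
                flows.append(("udp-rtp", s_rtp, c_rtp))    # encoder -> player
                flows.append(("udp-rtcp", s_rtcp, c_rtcp))  # both directions
    return flows
```

If the result is UDP, those port pairs are the ones to filter for in the log view or capture; if it is `tcp-interleaved`, only the RTSP control connection is involved.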
